Server-Side Request Forgery (SSRF) - PortSwigger Labs

Lab: SSRF with blacklist-based input filter

SSRF Attack Lifecycle

Objectives:

This lab has a stock check feature that fetches data from an internal system.

Michael Koczwara

Security Researcher [RED&BLUE]
